Potential security issue in bubble?

fok_ste · January 2, 2022, 9:26am

In the sourcecode of the an app page you can see that some javascript files will be loaded.

if you open the file you can see all api connectors with the expected data result incl all fields (also the fields that are set on ignore, AND also all database/table fields (w/o values)

In my opinion this could be a interesting page to look for some provided api tokens and also to get known the database structure.

What do you think? Am I wrong?

@emmanuel

johnny · January 2, 2022, 5:11pm

Hmm not totally sure but you can send it over to security@bubble.io just to be safe

buero · January 2, 2022, 6:32pm

seems normal.

Look here:

fok_ste · January 2, 2022, 7:04pm

I know that its “by design”. But the question is - is this a potential security risk as every visitor knows exactly what kind of api-calls and responses you are using/awaiting and how the database structure looks like.

system · March 13, 2022, 9:27am

This topic was automatically closed after 70 days. New replies are no longer allowed.

Topic		Replies	Views
API / Database security Questions	1	558	October 12, 2021
Bubble exposing all API Connector details on page load? Questions	1	49	October 1, 2024
Hidden database values Need help	4	326	December 31, 2022
Is there a risk of possible data leak? Need help	4	746	March 26, 2023
This can't be on purpose, right? APIs	19	253	October 28, 2024

Potential security issue in bubble?

Related topics